Finally got a chance to spend a bit more time on zot6, which has been languishing for a couple of months while I've been tied up with federation nits and registration workflows and people who can't figure out how to send email. Anyway, today I got two zot6 sites to communicate with each other and the delivery performance is pretty awesome.

In a nutshell, we're using OpenWebAuth on send to avoid a verification callback. We don't really have to verify the receiver since private messages are technically encrypted twice. Ergo, it shouldn't really matter if they get MITM'd - they still can't read the message or see anything in the metadata. I still have one additional step to encrypt the HTTPSignature - as it can leak metadata about the sender. (The folks writing specs never think of these things.) Once that's done I'll start hammering on it to try and break it, but otherwise start migrating it into the mainline code.

It basically doubles delivery performance on both ends of the connection. It will fall back to doing it the slow way, and will work all the way back to ancient redmatrix installs; but if you're using anything less than Hubzilla 3.0.1 you're being put on notice. Please upgrade.

Mario's recent work improving the DB queries is also dramatic, so performance on the next release should be striking overall.

There are trade-offs: the sender doesn't know with absolute certainty that the receiver is who we think (could be DNS spoofed). But proving this as we did in Zot1 comes at a huge performance cost. The trade-off is saying "ok, you might be an impostor, but as long as you can't read the private message I'm sending or know who sent it or who it's to, maybe I don't really care". The real site will still get the communication.

I'm thinking of bringing back the host verification step in a later iteration, but as an extra security level rather than applying it to everybody. We certainly don't need this for public communication and we don't even need it for the average Hubzilla PM or private conversation. It should be there if you really want it, but slowing down everybody's performance for the benefit of a few who actually require the extra assurance shouldn't be the default.